e35a5a685efd16871208210fc4d85b0c2992f1f3dfecc8a557087b10f550c6e7

Analysis

max time kernel
138s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26-03-2024 13:04

Target

df3d20723c9898f16884ef9e690179f2.dll
Size

158KB
MD5

df3d20723c9898f16884ef9e690179f2
SHA1

4f2d4714e3877900049eea8381f024aa7121c3c0
SHA256

e35a5a685efd16871208210fc4d85b0c2992f1f3dfecc8a557087b10f550c6e7
SHA512

777df450c32abba026d96956e168a28509874291a71682218b7256038490de51fd2426a046a91277aaffaf3b9184662159c36675259222159c14e2b420fbc082
SSDEEP

3072:+0PVMkcPmiWXcJtfjX7770ciVRsNbhLU40zyvXuxFtZ7W:UmiGcJtrL77aO/LUBy/uxZ7W

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2964	2528	WerFault.exe	90

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2528	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4120 wrote to memory of 2528	4120	rundll32.exe	90
PID 4120 wrote to memory of 2528	4120	rundll32.exe	90
PID 4120 wrote to memory of 2528	4120	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\df3d20723c9898f16884ef9e690179f2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4120
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\df3d20723c9898f16884ef9e690179f2.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2528
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 612
    3⤵
    - Program crash
    PID:2964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 2528 -ip 2528
1⤵
PID:3480